AES Code Example

Transcription

1 210 Figure Block cipher chaining modes AES Code Example Now that we have covered block ciphers and CBC, we provide a simple Java code example that can encrypt and decrypt using AES in CBC mode. Our code will show you how to practically use symmetric encryption, and will provide an example that shows it in action. How AES encryption is done may differ from one language to another, but our example will give you a general flavor as to what code that uses cryptographic libraries looks like. Our Java class is called AESEncrypter. It is a command-line utility that can create an AES key, encrypt with the key, and decrypt with the key. The first argument to the command-line tool specifies what it should do: create a key, encrypt, or decrypt. It stores keys in files, and accepts the name of the key file as the second parameter on the command line. It accepts its input from stdin and writes its output to stdout. The following are some example commands that Alice might use to generate a key and encrypt: $ java com.learnsecurity.aesencrypter createkey mykey $ echo "Meet Me At Central Park" java com.learnsecurity AESEncrypter encrypt mykey > ciphertext

2 211 Note that the generated key is stored in a file called mykey, and the encrypted text is stored in the ciphertext file. (We do not show the contents of the ciphertext file, as it is made up of nonprintable binary data, and will differ depending upon the key that is generated.) Once Alice provides the mykey file to Bob over a secure channel, she can then safely send the ciphertext file (or any other files encrypted with the same key) to Bob over an insecure channel. Once Bob receives ciphertext, he can use the AESEncrypter program to decrypt the text as follows: $ java com.learnsecurity.aesencrypter decrypt mykey < ciphertext Meet Me At Central Park The entire code for the utility is shown here: package com.learnsecurity; import java.security.*; import java.security.spec.*; import javax.crypto.*; import javax.crypto.spec.*; import java.io.*; public class AESEncrypter { public static final int IV_SIZE = 16; // 128 bits public static final int KEY_SIZE = 16; // 128 bits public static final int BUFFER_SIZE = 1024; // 1KB Cipher cipher; SecretKey secretkey; AlgorithmParameterSpec ivspec; byte[] buf = new byte[buffer_size]; byte[] ivbytes = new byte[iv_size]; public AESEncrypter(SecretKey key) throws Exception { cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); secretkey = key; public void encrypt(inputstream in, OutputStream out) throws Exception { // create IV and write to output ivbytes = createrandbytes(iv_size); out.write(ivbytes); cipher.init(cipher.encrypt_mode, secretkey, ivspec); // Bytes written to cipherout will be encrypted CipherOutputStream cipherout = new CipherOutputStream(out, cipher);

3 212 // Read in the plaintext bytes and write to cipherout to encrypt while ((numread = in.read(buf)) >= 0) cipherout.write(buf, 0, numread); cipherout.close(); public void decrypt(inputstream in, OutputStream out) throws Exception { // read IV first in.read(ivbytes); cipher.init(cipher.decrypt_mode, secretkey, ivspec); // Bytes read from in will be decrypted CipherInputStream cipherin = new CipherInputStream(in, cipher); // Read in the decrypted bytes and write the plaintext to out while ((numread = cipherin.read(buf)) >= 0) out.write(buf, 0, numread); out.close(); public static byte [] createrandbytes(int numbytes) throws NoSuchAlgorithmException { byte [] bytesbuffer = new byte [numbytes]; SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.nextbytes(bytesbuffer); return bytesbuffer; public static void main(string argv[]) throws Exception { if (argv.length!= 2) String operation = argv[0]; String keyfile = argv[1]; if (operation.equals("createkey")) { FileOutputStream fos = new FileOutputStream(keyFile); KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(key_size*8); SecretKey skey = kg.generatekey(); /* write key */ fos.write(skey.getencoded()); fos.close(); else { /* read key */

4 213 byte keybytes [] = new byte [KEY_SIZE]; FileInputStream fis = new FileInputStream(keyFile); fis.read(keybytes); SecretKeySpec keyspec = new SecretKeySpec(keyBytes, "AES"); /* initialize encrypter */ AESEncrypter aes = new AESEncrypter(keySpec); if (operation.equals("encrypt")) { aes.encrypt(system.in, System.out); else if (operation.equals("decrypt")) { aes.decrypt(system.in, System.out); else { public static void usage () { System.err.println("java com.learnsecurity.aesencrypter " + "createkey encrypt decrypt <keyfile>"); System.exit(-1); We now walk through bite-sized pieces of the code, one chunk at a time. We start with the imports and data members of the AESEncrypter class: package com.learnsecurity; import java.security.*; import java.security.spec.*; import javax.crypto.*; import javax.crypto.spec.*; import java.io.*; public class AESEncrypter { public static final int IV_SIZE = 16; // 128 bits public static final int KEY_SIZE = 16; // 128 bits public static final int BUFFER_SIZE = 1024; // 1KB Cipher cipher; SecretKey secretkey; AlgorithmParameterSpec ivspec; byte[] buf = new byte[buffer_size]; byte[] ivbytes = new byte[iv_size];

5 214 The imports at the top of the program simply declare that our program uses the Java security and cryptography support packages, in addition to the I/O library. The IV_SIZE and KEY_SIZE for our AESEncrypter class are defined to be 16 bytes, or 128 bits. BUFFER_SIZE specifies the size of the buffer that will be used to read in chunks of the input and write chunks of output. AESEncrypter uses a cipher object, defined in the Java cryptography library, that will be used to actually do the encryption or decryption, as specified by the program s command-line arguments. The secretkey object will store the secret, symmetric key that will be used. The ivspec object will specify the IV to be used to initialize the CBC. The ivspec object is initialized using bytes from ivbytes. The first line of the constructor for the AESEncrypter class initializes the cipher object to use AES in CBC mode: public AESEncrypter(SecretKey key) throws Exception { cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); secretkey = key; It also specifies that PKCS #5 padding should be used. If the input to encrypt is not, say, a multiple of 128 bits, it will be padded extra data will be added to the input to force the input to be a multiple of 128 bits. While we do not go into the details of PKCS #5 (or other padding schemes), you can read more about the topic in PKCS #5: Password-Based Cryptography Standard, by RSA Laboratories. The remaining line in the constructor simply caches the secret key in a data member of the AESEncrypter object. We describe the encrypt() and decrypt() methods next. Both of them take input and output streams as parameters. The input stream allows the method to read input from a file (or from wherever the input stream originates), and the output stream allows the method to output data. In the case of encrypt(), as you might expect, the input stream is plaintext and the output stream is ciphertext, while in the case of decrypt(), it is vice versa. The encrypt() method is as follows: public void encrypt(inputstream in, OutputStream out) throws Exception { // create IV and write to output ivbytes = createrandbytes(iv_size); out.write(ivbytes); cipher.init(cipher.encrypt_mode, secretkey, ivspec); // Bytes written to cipherout will be encrypted CipherOutputStream cipherout = new CipherOutputStream(out, cipher); // Read in the plaintext bytes and write to cipherout to encrypt while ((numread = in.read(buf)) >= 0) cipherout.write(buf, 0, numread); cipherout.close();

6 215 The encrypt() method first generates some random bytes to serve as the IV, and stores those bytes in the ivspec object. Then, the method initializes the cipher object to be in encrypt mode, and passes it the secret key and IV. The method then constructs a CipherOutputStream object from the output stream passed to encrypt() and the cipher object. Any data that is written to the CipherOutputStream object is first enciphered, and then written to the output stream. Once the CipherOutputStream object is initialized, the method then enters a loop in which data is read from the input stream and written to CipherOutputStream until all the data from the input stream has been consumed. Finally, the CipherOutputStream object is closed, and any remaining unencrypted bytes are padded, encrypted, and written. If the output stream is a file or a network socket, it will be closed. The decrypt() method is similar to the encrypt() method, except that it reads the IV and ciphertext from the input stream, and writes plaintext to the output stream: public void decrypt(inputstream in, OutputStream out) throws Exception { // read IV first in.read(ivbytes); cipher.init(cipher.decrypt_mode, secretkey, ivspec); // Bytes read from in will be decrypted CipherInputStream cipherin = new CipherInputStream(in, cipher); // Read in the decrypted bytes and write the plaintext to out while ((numread = cipherin.read(buf)) >= 0) out.write(buf, 0, numread); out.close(); Now that we have described the most important subroutines in AESEncrypter, we show how the program s main() method brings it all together: public static void main (String argv[]) throws Exception { if (argv.length!= 2) String operation = argv[0]; String keyfile = argv[1]; if (operation.equals("createkey")) { FileOutputStream fos = new FileOutputStream(keyFile); KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(key_size*8); SecretKey skey = kg.generatekey(); /* write key */ fos.write(skey.getencoded()); fos.close(); else {

7 216 /* read key */ byte keybytes [] = new byte [KEY_SIZE]; FileInputStream fis = new FileInputStream(keyFile); fis.read(keybytes); SecretKeySpec keyspec = new SecretKeySpec(keyBytes, "AES"); /* initialize encrypter */ AESEncrypter aes = new AESEncrypter(keySpec); if (operation.equals("encrypt")) { aes.encrypt(system.in, System.out); else if (operation.equals("decrypt")) { aes.decrypt(system.in, System.out); else { The main() method first reads its two command-line arguments: the operation that the user would like to conduct, and the name of the key file. In the case that the user did not supply enough command-line arguments, a usage message is printed to the standard error output stream. Then, depending upon the operation requested, it takes an appropriate action. In the case that the user asks to create a key, the program creates a new file using a FileOutputStream object, and writes the key returned by the KeyGenerator s generatekey() method to the file. The KeyGenerator class in Java should be used to construct cryptographically random keys that are not weak (see Section 14.2 for more information about weak keys). If the user requests encryption or decryption, the main program simply calls the encrypt() or decrypt() method, respectively, after initializing the AESEncrypter object with the key read from the key file. (If the user did not specify a valid operation, a usage error is printed.) From the preceding example, you can see how it s possible to practically implement a flexible encryption tool in just a few lines of code. With just this small program, you can encrypt and decrypt any file. However, AESEncrypter does not provide integrity protection for the encrypted file, and in the real world you would add on a message authentication code (MAC) and use a key derivation function to get a different MAC and encryption key. Aside from the limitation of not automatically providing integrity protection, the AESEncrypter class is written such that it can be used in other programs to encrypt and decrypt not only files, but also any data that can be transferred over a stream, including data that is exchanged between clients and servers over network sockets. As you can imagine, one major challenge is securely distributing the key file to the client and server. In Chapters 13 and 14, we discuss asymmetric cryptography and key exchange, which helps address the key distribution problem. In this chapter, we complete our discussion of symmetric cryptography with an introduction to stream ciphers.